Google Cloud Professional Cloud Security Engineer — Question 332
Your organization is migrating business-critical applications to Google Cloud across multiple projects. You only have the required IAM permission at the Google Cloud organization level. You want to grant project access to support engineers from two partner organizations using their existing identity provider (IdP) credentials. What should you do?
Answer options
- A. Create two single sign-on (SSO) profiles for the internal and partner IdPs by using SSO for Cloud Identity.
- B. Create users manually by using the Google Cloud console. Assign the users to groups.
- C. Create two workforce identity pools for the partner IdPs.
- D. Sync user identities from their existing IdPs to Cloud Identity by using Google Cloud Directory Sync (GCDS).
Correct answer: C
Explanation
The correct answer is C because creating workforce identity pools lets you integrate external IdPs, so the support engineers from the partner organizations can access the projects using their existing credentials. Option A is incorrect because SSO profiles are not suitable for this scenario. Option B involves manual user creation, which is not efficient for external partners. Option D is also incorrect because it focuses on syncing identities, not on enabling direct access through existing IdPs.